Skip to content
Validate CMS Pull Request

[Snyk] Security upgrade aws-amplify from 3.4.3 to 6.0.0 #77

Sign in to view logs

[Snyk] Security upgrade aws-amplify from 3.4.3 to 6.0.0

[Snyk] Security upgrade aws-amplify from 3.4.3 to 6.0.0 #77

Workflow file for this run

.github/workflows/pr-cms.yml at 62b7de1
name: Validate CMS Pull Request
on:
pull_request:
branches:
- main
paths:
- "packages/cms/**"
- "!**/**.md"
- "!docs/**"
workflow_dispatch:
jobs:
install:
name: Install dependencies
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Cache node modules
uses: actions/cache@v2
env:
cache-name: cache-node-modules
with:
# npm cache files are stored in `~/.npm` on Linux/macOS
path: |
~/.npm
**/node_modules
~/.cache/Cypress
**/.serverless
**/.webpack
key: ${{ runner.os }}-build-cms-${{ env.cache-name }}-${{ hashFiles('**/yarn.lock') }}
restore-keys: |
${{ runner.os }}-build-cms-${{ env.cache-name }}-${{ hashFiles('**/yarn.lock') }}
${{ runner.os }}-build-cms-${{ env.cache-name }}-
${{ runner.os }}-build-cms-
${{ runner.os }}-
- name: Use Node.js 12.x
uses: actions/setup-node@v1
with:
node-version: 12.x
- name: Install dependencies
working-directory: packages/cms
run: yarn
build-cms:
name: Build CMS
runs-on: ubuntu-latest
needs: install
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Cache node modules
uses: actions/cache@v2
env:
cache-name: cache-node-modules
with:
# npm cache files are stored in `~/.npm` on Linux/macOS
path: |
~/.npm
**/node_modules
~/.cache/Cypress
**/.serverless
**/.webpack
key: ${{ runner.os }}-build-cms-${{ env.cache-name }}-${{ hashFiles('**/yarn.lock') }}
restore-keys: |
${{ runner.os }}-build-cms-${{ env.cache-name }}-${{ hashFiles('**/yarn.lock') }}
${{ runner.os }}-build-cms-${{ env.cache-name }}-
${{ runner.os }}-build-cms-
${{ runner.os }}-
- name: Cache build
uses: actions/cache@v2
env:
cache-name: cache-build
with:
# npm cache files are stored in `~/.npm` on Linux/macOS
path: |
**/build
key: ${{ runner.os }}-build-cms-${{ env.cache-name }}-${{ github.sha }}
- name: Use Node.js 12.x
uses: actions/setup-node@v1
with:
node-version: 12.x
- name: Lint
working-directory: packages/cms
run: yarn lint
env:
CI: true
- name: Build CMS
working-directory: packages/cms
run: yarn build
env:
REACT_APP_AUTH_AWS_REGION: ${{ secrets.TEST_AUTH_AWS_REGION }}
REACT_APP_AUTH_POOL_ID: ${{ secrets.TEST_AUTH_POOL_ID }}
REACT_APP_AUTH_CLIENT_ID: ${{ secrets.TEST_AUTH_CLIENT_ID }}
REACT_APP_AUTH_OAUTH_DOMAIN: ${{ secrets.TEST_AUTH_OAUTH_DOMAIN }}
REACT_APP_AUTH_OAUTH_SIGNIN: ${{ secrets.TEST_AUTH_OAUTH_SIGNIN }}
REACT_APP_AUTH_OAUTH_SIGNOUT: ${{ secrets.TEST_AUTH_OAUTH_SIGNOUT }}
REACT_APP_UPLOAD_ENDPOINT: ${{ secrets.TEST_UPLOAD_ENDPOINT }}
REACT_APP_API_ENDPOINT: ${{ secrets.TEST_API_ENDPOINT }}
- uses: actions/upload-artifact@v1
with:
name: cms-build
path: packages/cms/build
validate-api:
name: Validate API
runs-on: ubuntu-latest
needs: install
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Cache node modules
uses: actions/cache@v2
env:
cache-name: cache-node-modules
with:
# npm cache files are stored in `~/.npm` on Linux/macOS
path: |
~/.npm
**/node_modules
~/.cache/Cypress
**/.serverless
**/.webpack
key: ${{ runner.os }}-build-app-${{ env.cache-name }}-${{ hashFiles('**/yarn.lock') }}
restore-keys: |
${{ runner.os }}-build-app-${{ env.cache-name }}-${{ hashFiles('**/yarn.lock') }}
${{ runner.os }}-build-app-${{ env.cache-name }}-
${{ runner.os }}-build-app-
${{ runner.os }}-
- name: Use Node.js 12.x
uses: actions/setup-node@v1
with:
node-version: 12.x
- name: Cache DynamoDB docker images
uses: satackey/[email protected]
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ap-southeast-1
- name: Setup DynamoDB Local
uses: rrainn/[email protected]
with:
port: 8062
cors: "*"
- name: Create DynamoDB Table
working-directory: infra
run: yarn workspace infra ddb:init
- name: Smoke Test
run: yarn build:api
- name: Test API
run: yarn test:api
- name: Coverage Report
run: yarn coverage:api
- uses: actions/upload-artifact@v1
with:
name: Coverage Report
path: coverage
validate-cms:
name: Validate CMS
runs-on: ubuntu-latest
needs:
- build-cms
- validate-api
strategy:
# when one test fails, DO NOT cancel the other
# containers, because this will kill Cypress processes
# leaving the Dashboard hanging ...
# https://github.com/cypress-io/github-action/issues/48
fail-fast: false
matrix:
# run 3 copies of the current job in parallel
containers: [1, 2, 3]
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Cache node modules
uses: actions/cache@v2
env:
cache-name: cache-node-modules
with:
path: |
~/.npm
**/node_modules
~/.cache/Cypress
**/.serverless
**/.webpack
key: ${{ runner.os }}-build-cms-${{ env.cache-name }}-${{ hashFiles('**/yarn.lock') }}
restore-keys: |
${{ runner.os }}-build-cms-${{ env.cache-name }}-${{ hashFiles('**/yarn.lock') }}
${{ runner.os }}-build-cms-${{ env.cache-name }}-
${{ runner.os }}-build-cms-
${{ runner.os }}-
- name: Cache build
uses: actions/cache@v2
env:
cache-name: cache-build
with:
path: |
**/build
key: ${{ runner.os }}-build-cms-${{ env.cache-name }}-${{ github.sha }}
- name: Cache docker images
uses: satackey/[email protected]
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ap-southeast-1
- name: Setup DynamoDB Local
uses: rrainn/[email protected]
with:
port: 8062
cors: "*"
- name: Create DynamoDB Table
working-directory: infra
run: yarn workspace infra ddb:init
- name: Start API
run: yarn start:api &
env:
DEBUG: "lambda:*"
- name: Integration tests
uses: cypress-io/github-action@v2
env:
CYPRESS_username: ${{ secrets.CYPRESS_USERNAME }}
CYPRESS_password: ${{ secrets.CYPRESS_PASSWORD }}
CYPRESS_mailUrl: ${{ secrets.CYPRESS_MAIL_URL }}
CYPRESS_mailApiKey: ${{ secrets.CYPRESS_MAIL_API_KEY }}
CYPRESS_cognitoPoolId: ${{ secrets.TEST_AUTH_POOL_ID }}
CYPRESS_cognitoRegion: ${{ secrets.TEST_AUTH_AWS_REGION }}
CYPRESS_awsAccessKeyId: ${{ secrets.TEST_COG_ACCESS_KEY_ID }}
CYPRESS_awsSecretAccessKey: ${{ secrets.TEST_COG_SECRET_ACCESS_KEY }}
CYPRESS_RECORD_KEY: ${{ secrets.CYPRESS_RECORD_KEY }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
DDB_ENDPOINT: http://localhost:8062
DDB_TABLE: abu-local
DEBUG: ""
with:
record: true
parallel: true
group: Tests on container
working-directory: packages/cms
start: yarn serve
wait-on: "http://localhost:8060, http://localhost:8061/content"
# - uses: actions/upload-artifact@v1
# if: failure()
# with:
# name: cypress-screenshots
# path: packages/cms/cypress/screenshots
# # Test run video was always captured, so this action uses "always()" condition
# - uses: actions/upload-artifact@v1
# if: always()
# with:
# name: cypress-videos
# path: packages/cms/cypress/videos
lighthouse:
name: Lighthouse
runs-on: ubuntu-latest
needs: build-cms
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Cache node modules
uses: actions/cache@v2
env:
cache-name: cache-node-modules
with:
path: |
~/.npm
**/node_modules
~/.cache/Cypress
**/.serverless
**/.webpack
key: ${{ runner.os }}-build-cms-${{ env.cache-name }}-${{ hashFiles('**/yarn.lock') }}
restore-keys: |
${{ runner.os }}-build-cms-${{ env.cache-name }}-${{ hashFiles('**/yarn.lock') }}
${{ runner.os }}-build-cms-${{ env.cache-name }}-
${{ runner.os }}-build-cms-
${{ runner.os }}-
- name: Cache build
uses: actions/cache@v2
env:
cache-name: cache-build
with:
path: |
**/build
key: ${{ runner.os }}-build-cms-${{ env.cache-name }}-${{ github.sha }}
- name: Run Lighthouse against a static build dir
uses: treosh/lighthouse-ci-action@v3
with:
configPath: "./packages/cms/lighthouserc.json"
runs: 1
uploadArtifacts: true # save results as an action artifacts
temporaryPublicStorage: true # upload lighthouse report to the temporary storage